logo
DATABASE RESOURCES PRICING ABOUT US

Security Bulletin: IBM Security Access Manager Appliance is affected by a HTTPD vulnerability (CVE-2017-9798)

Description

## Summary IBM Security Access Manager Appliance has addressed the following vulnerability. ## Vulnerability Details **CVEID:** [_CVE-2017-9798_](<https://vulners.com/cve/CVE-2017-9798>)** DESCRIPTION:** Apache HTTP Server could allow a remote attacker to obtain sensitive information, caused by a flaw in the HTTP OPTIONS method, aka Optionsbleed. By sending an OPTIONS HTTP request, a remote attacker could exploit this vulnerability to obtain sensitive information. CVSS Base Score: 7.5 CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/132159_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/132159>) for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) ## Affected Products and Versions **Affected IBM Security Access Manager Appliance** | **Affected Versions** ---|--- IBM Security Access Manager for Web| 7.0-7.0.0.31 ## Remediation/Fixes **Product** | **VRMF** | **APAR** | **Remediation ** ---|---|---|--- IBM Security Access Manager for Web| 7.0 - 7.0.0.31| IJ03385| Upgrade to 7.0.0.34: [7.0.0-ISS-WGA-IF0034](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/Tivoli+Access+Manager+for+e-business&release=7.0.0&platform=All&function=all>) ## Workarounds and Mitigations None ##


Affected Software


CPE Name Name Version
ibm security access manager 7.0.0

Related